Understanding GDPR definitions: Special Category Data
Understanding the complexities within the General Data Protection Regulation (GDPR) is important, but it’s not always as simple as clicking “search” and hoping for the easiest result. Instead, the GDPR sets out to provide an extensive framework for the processing, storage, and sharing of personal information. In an earlier blog post on the GDPR, we defined its purpose as:
“…to protect the information and privacy of individual citizens within the European Union and the European Economic Area. The GDPR exists to put individuals in direct control of their personal data, and therefore governs every process relating to any type of personal data.”
Personal data processing
Of course, as a regulatory framework that exists to uphold the rights of data owners (that’s you, me, and everyone, by the way), the GDPR can seem a little long-winded. For the layman or business person who believes their business isn’t “about data”, we’ve got some news for you. Data, and specifically personal data, is a fundamental element of your business operations. It’s now an inescapable fact of operating a business: to run your business, you need data. We’d like to extend that, however, and outline something even more true: to run your business effectively, you need data, processes, and procedures that are GDPR compliant. But before you panic over the paperwork, ProPrivacy can help: we turn your data compliance concerns into manageable tasks and enable your company to develop and implement a GDPR compliance programme.
Special category data
But, understanding how the GDPR affects your business begins with understanding some important definitions. One of those is: Special Category Data. Article 9 of the GDPR outlines and defines the term “Special Category Data” as:
“…personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation …”
But what if we need that personal data?
Oh yes, we forgot to mention: the collection of Special Category Data:
The owners of tick box systems are not rejoicing. Suddenly, on first read of Article 9 of the GDPR, it appears that you can no longer collect personal data that’s often extremely relevant to your business needs.
Special Category Data Exceptions
That puts you into a bit of a pickle at first glance, but Article 9 goes on to make exceptions – also known as derogations – for the collection of Special Category Data. You may breathe a little sigh of relief now, but be aware: the collection of Special Category Data can be an onerous process for a business, and GDPR compliance is compulsory. In short, however, in terms of the GDPR, you can collect, process, and store Special Category Data in line with the derogations outlined in Article 9 of the GDPR, and where they are permitted under national or regional law.
Of course, as a company, you’d need to make specific cases for the collection, storage, and processing of Special Category Data, so it’s not as simple as it seems. The documentation, monitoring, and process implementation would need to include data protection impact assessments (DPIAs) and further records of data processing activities.
That’s why you need a GDPR compliance partner that will help you stay on the right side of regulation. Get in touch with the ProPrivacy team and we’ll help you roll out a GDPR compliance programme that covers every requirement.